Viewing author profile for Bill Toulas
Author Bio: Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. The malware is targeting Russian users through Telegram channels and malicious websites that appear legitimate. It can steal SMS messages, call logs, and notifications, take pictures, and even make phone calls. Malware researchers
Microsoft: Hackers target universities in “payroll pirate” attacks
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in “pirate payroll” attacks since March 2025. Microsoft Threat Intelligence analysts who spotted this campaign found that the threat actors are targeting Workday accounts; however, other third-party human resources (HR) software-as-a-service (SaaS) platforms could also be
New FileFix attack uses cache smuggling to evade security software
A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypass security software. The new phishing and social engineering attack impersonates a “Fortinet VPN Compliance Checker” and was first spotted by cybersecurity researcher P4nd3m1cb0y, who shared information about it on X. In
DraftKings warns of account breaches in credential stuffing attacks
Sports betting giant DraftKings has notified an undisclosed number of customers that their accounts had been hacked in a recent wave of credential stuffing attacks. DraftKings, a gambling company based in Boston and founded in 2012, provides sportsbook and daily fantasy sports (DFS) services and is an official partner of the NFL, NHL, PGA TOUR
Microsoft: Critical GoAnywhere bug exploited in ransomware attacks
A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month. Tracked as CVE-2025-10035, this security flaw impacts Fortra’s web-based secure transfer GoAnywhere MFT tool, caused by a deserialization of untrusted data weakness in the License Servlet. This vulnerability can be exploited
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, also known as iCalendar files, are used to store calendar and scheduling information (meetings, events, and tasks) in plain text, and to exchange it between various calendar applications.
Massive surge in scans targeting Palo Alto Networks login portals
A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. Cybersecurity intelligence company GreyNoise reports a 500% increase in IP addresses focused on Palo Alto Networks GlobalProtect and PAN-OS profiles. The activity culminated on October 3 with more than 1,285 unique IPs engaged in the
Signal adds new cryptographic defense against quantum attacks
Signal announced the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to withstand quantum computing threats. SPQR will serve as an advanced mechanism that continuously updates the encryption keys used in conversations and discards the old ones. Signal is a cross-platform, end-to-end encrypted messaging and calling app managed by the non-profit Signal
Microsoft Outlook stops displaying inline SVG images used in attacks
Microsoft says Outlook for Web and the new Outlook for Windows will no longer display risky inline SVG images that are being used in attacks. This change began rolling out worldwide in early September 2025 and is expected to be completed for all customers by mid-October 2025. Redmond added that this change will affect less
